Classic ransomware encrypted files and demanded payment for a decryption key. Today, attackers take it further. In a double extortion attack, cybercriminals first steal large amounts of client data, then lock systems. Even if a firm restores operations from backups, hackers threaten to publish or sell the stolen information unless another payment is made.

For law firms, the impact is devastating. Confidential case files, merger documents, medical records, and personal data can all be exposed to the public or dark web.

Example: The attack on Grubman Shire Meiselas & Sacks illustrates the stakes. Hackers demanded a $42 million ransom and, when the firm refused, leaked high-profile celebrity contracts and client data. The damage extended far beyond IT systems and became front-page news.

For years, firms relied on backups as their insurance policy. But ransomware groups now target backups directly. Malware scans networks to find and encrypt connected drives or online storage, leaving firms with nothing to restore.

The problem is compounded by weak adoption of best practices:

• Only 43% of law firms use cloud backups.
  
• Just 37% protect backups with MFA, leaving them vulnerable to stolen credentials.
  
• Only about 50% of firms report having “immutable” backups that cannot be altered or deleted.
  

When backups fail, downtime skyrockets, ransom payments become more likely, and the cost of recovery soars.

Multi-factor authentication (MFA) is one of the most effective defenses against unauthorized access. By requiring a code or token in addition to a password, MFA blocks the vast majority of phishing-based intrusions.

Yet only 54% of law firms report using MFA, compared to 87% of large enterprises. That leaves nearly half of firms open to credential theft, phishing, and brute-force attacks.

Without MFA, attackers who steal or guess a password can move freely through email, case management software, and file servers. Once inside, they can disable security tools, exfiltrate data, and plant ransomware, often without being detected until it is too late.

Technology isn’t the only way attackers infiltrate firms. Social engineering has become a powerful tool, targeting lawyers, paralegals, and administrative staff who may not recognize subtle threats.

• Callback phishing: Attackers send fake emails instructing staff to call a phone number, where a live scammer convinces them to install malware.
  
• AI-driven phishing: Messages are personalized and convincing, making them harder to detect.
  
• Vendor compromise: Third-party software or service providers are hacked, as in the MOVEit supply chain attack, and law firms are compromised as collateral damage.
  

These tactics bypass traditional defenses by exploiting human trust. Without regular training and awareness, even cautious staff can be tricked.

Hackers are evolving. Is your firm keeping up? Schedule your Free IT Assessment today.